Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
2026-05-08 00:30 - 2026-04-06 16:30 - 000000000 ____D C:\Users\xsilicon9\nn.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe (No File)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-318496623-4164476102-272956971-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-318496623-4164476102-272956971-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
HKU\S-1-5-21-318496623-4164476102-272956971-1001\...\Run: [] => [X]
HKU\S-1-5-21-318496623-4164476102-272956971-1001\...\MountPoints2: N - "N:\setup.exe"
Task: {2BFCCA93-3BD4-4C9C-98D9-B5DDA0D9E9CB} - \Opera scheduled assistant Autoupdate 1719344272 -> No File <==== ATTENTION
Task: {2C7EEE7F-3725-4F8C-BF10-A36E41603891} - \COMODO\COMODO Maintenance {947247B5-026A-4437-9371-770782BE839D} -> No File <==== ATTENTION
Task: {42E569B1-F51F-4FFF-B4A0-5FA99E51EBF7} - \COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} -> No File <==== ATTENTION
Task: {511328D4-2A2D-4B8E-B44B-E05ED1004656} - \COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} -> No File <==== ATTENTION
Task: {68B88C7F-DA0F-4433-8326-B8807E7A1D7F} - \COMODO\COMODO Telemetry {18AD3DFA-30C0-4B5F-84F7-F1870B1A4921} -> No File <==== ATTENTION
Task: {9F3E7CBC-12F8-432F-A11C-4662406B32D4} - \COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} -> No File <==== ATTENTION
Task: {A728CAAE-16B8-4EC5-8235-F8617268C2BE} - \COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} -> No File <==== ATTENTION
Task: {A8D19E23-E6F9-43C6-BE9F-DABE7027FD28} - \COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} -> No File <==== ATTENTION
Task: {C1EEF3B8-3AB6-43BA-B74B-3CFDAC7C0ABB} - \COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} -> No File <==== ATTENTION
Task: {DEFD37A6-AD63-4777-BEFB-0702A762C901} - \Opera scheduled assistant Autoupdate 1590806199 -> No File <==== ATTENTION
Task: {A1063EF3-302C-4966-891B-3FA93C7672E9} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe --cistrayUI (No File)
Task: {C55C3304-87C2-4AA1-88C9-BC4CEFCF86B5} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe -schedule (No File)
Task: {DB25683A-FF98-4D3F-A4E7-A8C4748448DF} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe (No File)
Task: {F6A3D0E5-F562-4D1A-8322-F67AAE89A5CB} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe (No File)
Task: {3E56C24F-FB48-4D47-A80E-1FBB36E78561} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe -onlytray (No File)
Task: {BA05524B-6C8B-463A-93FC-2FB517F87787} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe (No File)
Task: {54619E65-16A9-41E7-8A4C-9DC8B69DC5F2} - System32\Tasks\DB Bigupgrade Task ( One Time ) => C:\Program Files (x86)\IObit\Driver Booster\5.2.0\BigUpgrade.exe /bigupgrade (No File) <==== ATTENTION
S2 CmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" (No File)
S2 CmdAgentProt; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" /ProtectedSvc (No File)
S3 cmdvirth; "C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe" (No File)
S4 isesrv; "C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe" -service (No File)
S0 qozysh; no ImagePath
U3 aswbdisk; no ImagePath
U4 npcap_wifi; no ImagePath
S3 PortmasterKext; \??\C:\ProgramData\Safing\Portmaster\updates\windows_amd64\kext\portmaster-kext_v1-0-14.sys (No File)
CustomCLSID: HKU\S-1-5-21-318496623-4164476102-272956971-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\xsilicon9\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-318496623-4164476102-272956971-1001_Classes\CLSID\{3e5dba08-7ec3-cc88-1f18-0cf79ce7ade4}\localserver32 -> "C:\Program Files\AtlasVPN\Bin\AtlasVPN.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-318496623-4164476102-272956971-1001_Classes\CLSID\{BCA9D37C-CA60-4160-9115-97A00F24702D}\localserver32 -> "C:\Users\xsilicon9\AppData\Local\Vivaldi\Application\5.3.2679.70\notification_helper.exe" => No File
ShellExecuteHooks-x32: No Name - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - -> No File
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\xsilicon9\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
AlternateDataStreams: C:\WINDOWS\system32\pspcoins.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\epmntdrv.sys:BDU [1]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdkmcsp.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\AppleBtBc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\xsilicon9\Desktop\WFDownloaderApp-BETA-64bit.exe:MBAM.Zone.Identifier [52]
FirewallRules: [{94FB61E2-3D66-4904-BE75-154806702368}] => (Allow) C:\Users\xsilicon9\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{072F2F51-834F-4961-BBAF-3BCC92A10071}] => (Allow) C:\Users\xsilicon9\AppData\Roaming\BitTorrent\BitTorrent.exe => No File
FirewallRules: [{314B7DB9-66F3-4582-B062-385DFC5DDD04}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{27466714-EF2B-4EBD-ABD5-7CA39650ACDE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{921993AF-5C1C-4BBA-B5B1-AB8AECCAF205}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{E70BA5F1-38A3-4BF7-B5DB-C0E8DB312427}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [UDP Query User{1800A6B7-0439-45FF-BBAC-1C2D4A72811E}J:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) J:\program files (x86)\qbittorrent\qbittorrent.exe => No File
FirewallRules: [TCP Query User{02F77247-7C71-4EAD-8649-62A6CD827921}J:\program files (x86)\qbittorrent\qbittorrent.exe] => (Block) J:\program files (x86)\qbittorrent\qbittorrent.exe => No File
FirewallRules: [{F8BFAC8B-5C35-4624-992B-AF831D1C1176}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{31592A6B-84AC-4074-AE07-2C07D976B908}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
FirewallRules: [{0BD916D8-76CF-4F92-A380-197157549419}] => (Allow) C:\Users\xsilicon9\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{3EAFD4ED-C128-44CC-B2BB-BD34FCD7394A}] => (Allow) C:\Users\xsilicon9\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{019A7C05-FF4C-4876-A878-04BDA3419468}] => (Allow) C:\Program Files (x86)\NPVR\NextPVR.exe => No File
FirewallRules: [{70790620-E129-4F2B-B35C-AA890C48C00D}] => (Allow) C:\Program Files (x86)\NPVR\NRecord.exe => No File
FirewallRules: [{CD7AD400-67B8-458D-94EC-AB3614B69132}] => (Allow) C:\Program Files (x86)\NPVR\NextPVR.exe => No File
FirewallRules: [{CF22AF80-A5B9-4808-9D52-F93A2ED3FA1F}] => (Allow) C:\Program Files (x86)\NPVR\NRecord.exe => No File
FirewallRules: [{DF4EC810-0580-41D1-B62D-D506C11FEC08}] => (Allow) C:\Program Files (x86)\NPVR\NDigitalHost.exe => No File
FirewallRules: [{6ECC4360-C440-496C-B8FC-9C932F0E3E14}] => (Allow) C:\Program Files (x86)\NPVR\NDigitalHost.exe => No File
FirewallRules: [{A8301E74-2657-48C4-9B28-826A146579D3}] => (Allow) C:\Program Files (x86)\NPVR\NCableCardHost.exe => No File
FirewallRules: [{BCD2BC87-CEAD-48A8-9AE9-A3C98FB99AEE}] => (Allow) C:\Program Files (x86)\NPVR\NCableCardHost.exe => No File
FirewallRules: [{4D71F407-E774-40BF-9A1F-A68B03B9953A}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe => No File
FirewallRules: [{67D8379D-B00A-421B-AE70-CB93F73D1BC5}] => (Allow) K:\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{4076FEE6-2DC5-436E-AB94-5E74530A8DFB}] => (Allow) K:\Red Dead Redemption 2\RDR2.exe => No File
FirewallRules: [{5602302F-B24E-4EF1-BCBD-AB6D8CF05176}] => (Allow) C:\Users\xsilicon9\AppData\Local\Google\Chrome\User Data\Windows Driver Foundation (WDF).exe => No File
FirewallRules: [TCP Query User{AE87DAA0-38C5-420F-9694-7F8A84E5CF42}G:\new temp g\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) G:\new temp g\googlechromeportable\app\chrome-bin\chrome.exe => No File
FirewallRules: [UDP Query User{F87600C4-C1AE-40C0-8D78-0054D7D2D2A6}G:\new temp g\googlechromeportable\app\chrome-bin\chrome.exe] => (Allow) G:\new temp g\googlechromeportable\app\chrome-bin\chrome.exe => No File
FirewallRules: [{5BCA122B-EA15-4979-9029-2D6CA51D78FD}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{687A2CE7-5DAD-46A3-92F2-DB9D445DCDEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{8B066DCE-8583-49BA-9FC6-0F049824F816}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => No File
FirewallRules: [TCP Query User{2361A44F-5D5F-48A0-B23C-A4F687BCB7D2}C:\program files (x86)\mipony\mipony.exe] => (Block) C:\program files (x86)\mipony\mipony.exe => No File
FirewallRules: [UDP Query User{B398E95D-6A3A-4D3A-8EB0-310D39230951}C:\program files (x86)\mipony\mipony.exe] => (Block) C:\program files (x86)\mipony\mipony.exe => No File
FirewallRules: [{B5963549-AC88-4E37-AB24-B19210DB928B}] => (Allow) C:\Users\xsilicon9\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe => No File
FirewallRules: [{75835ACA-8EA1-4CB3-9999-33276F1AC243}] => (Allow) C:\users\xsilicon9\appdata\roaming\honeygain\honeygainupdater.exe => No File
FirewallRules: [{5A4B3D99-F240-4518-BDB4-B2398BC642F8}] => (Allow) C:\program files\windowsapps\microsoft.gamingservices_34.111.20001.0_x64__8wekyb3d8bbwe\gamingservices.exe => No File
FirewallRules: [{FA5E8E80-E101-4FBD-9BA7-6F454C0CC71B}] => (Allow) C:\program files\windowsapps\microsoft.desktopappinstaller_1.28.220.0_x64__8wekyb3d8bbwe\windowspackagemanagerserver.exe => No File
FirewallRules: [{F31327DD-5724-46EF-ACFF-84CD9BB43107}] => (Allow) C:\program files (x86)\comodo\internet security essentials\vkise.exe => No File
FirewallRules: [{FEE61342-879D-4F4D-BF8D-CF30EA1E58C0}] => (Allow) C:\program files (x86)\google\googleupdater\148.0.7730.0\updater.exe => No File
FirewallRules: [{FAE7A0BD-A170-43FD-8ABE-581EE8662F85}] => (Allow) C:\program files\common files\microsoft shared\clicktorun\updates\16.0.19929.20090\officeclicktorun.exe => No File
FirewallRules: [{1DF793D5-FBD1-4614-9689-6A7D7D609940}] => (Allow) C:\program files\windowsapps\microsoft.gamingservices_35.112.23002.0_x64__8wekyb3d8bbwe\gamingservices.exe => No File
FirewallRules: [{30CB6572-8081-4448-9DFF-79C09DEBB5B7}] => (Allow) C:\program files\windowsapps\ad2f1837.hpprintercontrol_164.1.1128.0_x64__v10z8vjag6ke6\desktopextension\hpprintscandoctorext.exe => No File
FirewallRules: [{9BF7E6F3-2BD2-47DF-8221-59FBDD07CB32}] => (Allow) C:\users\xsilicon9\downloads\ghost of tsushima director's cut trainer - fling.exe => No File
FirewallRules: [{07455DDA-7F20-4A5D-90E8-006CD348AEE4}] => (Allow) C:\program files\common files\microsoft shared\clicktorun\updates\16.0.19929.20106\officeclicktorun.exe => No File
FirewallRules: [{C7B74242-5D0A-49C6-94E4-5A6C09232924}] => (Allow) C:\program files (x86)\mipony\mipony.exe => No File
FirewallRules: [{75671513-1466-4C64-BF27-3F7726D453ED}] => (Allow) C:\users\xsilicon9\appdata\local\temp\{9711c2b9-6514-41c0-a774-4bea512c3dc6}\{93355f12-d4cb-4a1d-aca0-f1017290fb53}.exe => No File
FirewallRules: [{353E1FD7-C977-4C15-948B-A1C0BEE98BB9}] => (Allow) C:\users\xsilicon9\appdata\local\temp\eektmp\emsisoftantimalwaresetup.exe => No File
FirewallRules: [{A344ABEF-1C9F-4EC8-83F9-79667C37B075}] => (Allow) C:\users\xsilicon9\appdata\local\temp\rar$exa49312.41312\cce_2.5.242177.201_x64\cce_x64\cce.exe => No File
FirewallRules: [{FAF1462A-6895-4355-B787-BBC77AA05409}] => (Allow) C:\users\xsilicon9\appdata\local\temp\rar$exa18012.8585\cce_2.5.242177.201_x64\cce_x64\cce.exe => No File
FirewallRules: [{12E9F759-003D-4413-A0F3-67A1A55CED1A}] => (Allow) C:\users\xsilicon9\appdata\local\temp\is-uo5l1.tmp\epp_installer.tmp => No File
FirewallRules: [{76EBD159-C310-491B-A4F9-63B93B334083}] => (Allow) C:\program files\f-secure online scanner\endpoint protection sdk\rtp_setup.exe => No File
FirewallRules: [{E14F69E0-91DB-478B-9779-A4A4C4EEF036}] => (Allow) C:\program files\f-secure online scanner\endpoint protection sdk\endpointprotection.exe => No File
FirewallRules: [{22DFF96C-BB17-40CF-8F80-86F92342DE66}] => (Allow) powershell.exe => No File
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-318496623-4164476102-272956971-1001\...\Policies\system: [shell] explorer.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
R3 ALSysIO; C:\Users\xsilicon9\AppData\Local\Temp\ALSysIO64.sys [43528 2026-05-08] (Microsoft Windows Hardware Compatibility Publisher -> Arthur Liberman) <==== ATTENTION
R3 GPU-Z-v2; C:\Users\xsilicon9\AppData\Local\Temp\GPU-Z-v2.sys [50216 2026-05-08] (TechPowerUp LLC -> ) <==== ATTENTION
2024-09-22 04:25 - 2024-08-21 17:31 - 000067136 _____ (Microsoft Corporation) C:\Users\xsilicon9\poolmon.exe
2018-05-21 12:00 - 2023-08-25 02:00 - 000827898 _____ () C:\Users\xsilicon9\Network_Meter_Data.js
2018-05-21 11:44 - 2023-08-23 20:33 - 000033634 _____ () C:\Users\xsilicon9\IP_Log_Data.js
2018-07-23 13:17 - 2018-07-23 13:17 - 000099384 _____ () C:\Users\xsilicon9\AppData\Roaming\inst.exe
2020-12-20 17:16 - 2021-04-04 18:03 - 000001293 _____ () C:\Users\xsilicon9\AppData\Local\Temp1.html
2021-04-04 18:03 - 2021-04-04 18:03 - 000012195 _____ () C:\Users\xsilicon9\AppData\Local\Temp32.html
2020-08-07 09:59 - 2020-08-07 09:59 - 000080219 _____ () C:\Users\xsilicon9\AppData\Roaming\TNod-14370.log
2020-08-07 09:59 - 2020-08-07 09:59 - 000080219 _____ () C:\Users\xsilicon9\AppData\Roaming\TNod-14364.log
2020-08-07 09:59 - 2020-08-07 09:59 - 000080219 _____ () C:\Users\xsilicon9\AppData\Roaming\TNod-14344.log
C:\Users\xsilicon9\AppData\Local\Google\Chrome\User Data\Windows Driver Foundation (WDF).exe
C:\WINDOWS\Windows Driver Foundation (WUD).exe
File: C:\Program Files\Windows Sidebar\sidebar.exe
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableLUA"=dword:00000001
EndRegedit:
StartPowershell:
# Removes every Windows Defender path, extension and process exclusion so that nothing
# on this machine stays hidden from Defender after the fix.
Try {
    $Paths = (Get-MpPreference).ExclusionPath
    $Extensions = (Get-MpPreference).ExclusionExtension
    $Processes = (Get-MpPreference).ExclusionProcess
    foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -Force -ErrorAction Stop }
    foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -Force -ErrorAction Stop }
    foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -Force -ErrorAction Stop }
} Catch {
    Write-Error "Error occurred while removing Windows Defender exclusions: $_"
}
EndPowershell:
StartPowerShell:
# This snippet downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Do note that the executable is 300MB and may take some time to download.
# ---
# This will scan for malware and PUPs in 1) system memory 2) important folders, as the documentation says.
# It will scan in compressed archives, in mail archives and in NTFS alternate data streams, and use cloud requests.
# ---
# You can use the argument "/delete" to delete found objects including references, but this is permanent and irreversible.
# You can remove the "/quick" argument to do a full scan, but that may take longer than what FRST can handle.
# You can use the argument "/quarantine="[folder]"" to put found malware into quarantine, but I personally prefer first verifying the detections.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
if (-not (Test-Path $frstPath)) { New-Item -Path $frstPath -ItemType Directory -Force | Out-Null }
if (-not (Test-Path $extractPath)) { New-Item -Path $extractPath -ItemType Directory -Force | Out-Null }
Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing
# The EEK download is a self-extracting archive; "-s -d<dir>" extracts it silently into $extractPath.
$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
while (-not (Test-Path "$extractPath\bin64\a2cmd.exe")) { Start-Sleep -Milliseconds 1000 }
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
if ([Environment]::Is64BitOperatingSystem) {
    $a2cmdPath = Join-Path $extractPath "bin64\a2cmd.exe"
} else {
    $a2cmdPath = Join-Path $extractPath "bin32\a2cmd.exe"
}
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$frstPath\EEK_scan.log`"" -Wait -NoNewWindow
Get-Content "$frstPath\EEK_scan.log"
exit
EndPowerShell:
StartPowerShell:
# Downloads the newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log to the console.
# Does not clean preinstalled objects, only PUP/Adware.
# If you would like to delete preinstalled objects, add the argument /preinstalled to the /clean argument.
# If you would like to only scan with it, change the argument from /clean to /scan.
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
# Accept the EULA non-interactively first; AdwCleaner will not scan without it.
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
CMD: reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t REG_SZ /d "Warn" /f
CMD: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "EnableWebContentEvaluation" /t REG_DWORD /d 1 /f
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\xsilicon9\AppData\Local\Temp\*
C:\Windows\Temp\*
C:\Windows\SystemTemp\*
EmptyTemp:
End::
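A post-fix verification pass, added here as an example and not part of the fixlist above nor of FRST's own output. After the fix has run and the machine has rebooted, it re-reads the registry values the fixlist sets (UAC, SmartScreen, web content evaluation), the Defender tamper values and policy keys it removes, the Defender exclusion lists its first PowerShell block clears, the service entries it deletes (including the two drivers loaded from %TEMP%) and the files it removes, and reports anything that still differs. Every expected value and path comes from the fixlist; nothing else about the machine is assumed. Run it from an elevated PowerShell window.

```powershell
# Added verification script: re-checks what the FRST fixlist above was meant to change.
# Not FRST code and not part of the fixlist; all expected values are taken from the fixlist itself.
$findings = [System.Collections.Generic.List[string]]::new()

# 1. Values the fixlist sets (StartRegedit block and the two "reg add" CMD lines).
$expected = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'ConsentPromptBehaviorAdmin'; Value = 5 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'ConsentPromptBehaviorUser';  Value = 3 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA';                  Value = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer';        Name = 'SmartScreenEnabled';         Value = 'Warn' },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost';         Name = 'EnableWebContentEvaluation'; Value = 1 }
)
foreach ($e in $expected) {
    $actual = (Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    if ($null -eq $actual -or "$actual" -ne "$($e.Value)") {
        $findings.Add("MISMATCH $($e.Path)\$($e.Name): expected '$($e.Value)', found '$actual'")
    }
}

# 2. Defender tamper values the fixlist removes. Either value being present again means
#    something is still switching Defender off and the box needs another look.
$forbidden = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';          Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';          Name = 'DisableAntiVirus' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiSpyware' },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'; Name = 'DisableAntiVirus' }
)
foreach ($f in $forbidden) {
    $v = Get-ItemProperty -Path $f.Path -Name $f.Name -ErrorAction SilentlyContinue
    if ($null -ne $v) { $findings.Add("STILL PRESENT $($f.Path)\$($f.Name) = $($v.($f.Name))") }
}
# Policy keys the fixlist deletes outright; none of these exists on a machine without policies.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate',
                 'HKLM:\SOFTWARE\Policies\Google',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Edge') {
    if (Test-Path $key) { $findings.Add("POLICY KEY STILL PRESENT (re-created?): $key") }
}

# 3. Defender exclusions: the fixlist's PowerShell block removes every path, extension and
#    process exclusion, so all three lists should be empty now.
$mp = Get-MpPreference
foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
    $list = @($mp.$kind)
    if ($list.Count -gt 0) { $findings.Add("$kind still set: $($list -join ', ')") }
}

# 4. Service/driver entries the fixlist deletes: the two drivers it flagged as loaded from
#    %TEMP% (ALSysIO, GPU-Z-v2) and the entries with no ImagePath or a missing file.
foreach ($svc in 'ALSysIO', 'GPU-Z-v2', 'qozysh', 'aswbdisk', 'npcap_wifi', 'PortmasterKext') {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $findings.Add("SERVICE KEY STILL PRESENT: $svc")
    }
}

# 5. Files the fixlist removes (the ones that looked like masquerading binaries).
foreach ($file in 'C:\Users\xsilicon9\nn.exe',
                  'C:\Users\xsilicon9\AppData\Roaming\inst.exe',
                  'C:\Users\xsilicon9\AppData\Local\Google\Chrome\User Data\Windows Driver Foundation (WDF).exe',
                  'C:\WINDOWS\Windows Driver Foundation (WUD).exe') {
    if (Test-Path -LiteralPath $file) { $findings.Add("FILE STILL PRESENT: $file") }
}

if ($findings.Count -eq 0) {
    'All fixlist-related checks passed.'
} else {
    $findings
}
```

A non-empty result is not proof of an infection, but each line points at exactly one fixlist entry that did not take or has come back, which is the list to hand to the helper together with the Fixlog.txt FRST writes.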